Breach

Summary
Last month, nGuard released a security advisory called CIS Controls v8 (Part 2) where we covered controls 7-12. This time, we are wrapping it up by covering the remaining 8 controls that are essential for a company who puts emphasis on a strong security posture. Read about these controls below and then take action within your organization to implement them.

Controls
Control 13: Network Monitoring and Defense
If an attacker gained access to your internal network, would you even know that it happened? It is essential that tools be in place to monitor network traffic for malicious activity and take action if necessary. Implementing an intrusion prevention system and log management system, then configuring it to meet the needs of your organization can halt simple attacks in their tracks.

Control 14: Security Awareness and Skills Training
Employees are the weakest link in the chain of organizational security landscape. Step 1 for any company looking to increase their security posture should be training employees to put a halt to social engineering attempts. At nGuard, we regularly conduct advanced social engineering campaigns for our customers — their employees fall for it every time. It is essential to establish and maintain a security awareness program for employees and conduct simulations if possible. Make security part of your company’s culture.

Control 15: Service Provider Management
We have been seeing a lot of disturbing headlines lately in which companies release data to third-parties and those vendors allow the data to become compromised. While the vendor may be responsible, perhaps the contracting organization didn’t conduct proper due diligence. Take service provider management seriously by having a developed process in place to evaluate whether or not this vendor is going to put security first while in possession of your sensitive data.

Control 16: Application Software Security
Any nGuard engineer will tell you that the easiest way to compromise a system is by exploiting critical, widely-known vulnerabilities due to outdated or unsupported software. Although these companies rely on a slew of software packages to conduct daily business operations, they fail to update them when security patches are released. nGuard recommends that you maintain a list of firmware and software that will need to be updated; sign up for mailing lists that will alert you when new patches are to be released; and configure automatic updates if possible. Do not let your software be outdated for an extended period of time!

Control 17: Incident Response Management
Many security professionals will tell you that it’s not a matter of “if,” but a matter of “when” a company will become compromised in some form or fashion. Is your organization prepared to recover from a ransomware attack? If not, maybe it’s time to think about this. Having a well-developed incident response plan in place can prevent a world a trouble. Develop policies, plans, procedures, define roles, conduct training, and develop communication plans to mitigate threats. Once these measures have been implemented, conduct table top exercises to test the plan you have put in place.

Control 18: Penetration Testing
This is nGuard’s favorite control. Penetration testing attempts to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. While vulnerability scans do a great job of pointing you to the low hanging fruit that attackers will take advantage of, penetration testing brings a real-world expert into your environment to chain together vulnerabilities and give you a better evaluation of potential risk. Start with external penetration testing to secure your public facing infrastructure and then move to internal penetration testing to make life harder for an attacker that gets in.

Next Steps
nGuard offers a wide variety of services that will help guide your organization on its path to implementing these critical security controls. Our Strategic Security Assessment allows your organization’s key players the opportunity to sit down with a security consultant who knows these controls like the back of their hand. Not only will they help you strengthen the controls that are already in place, they will make recommendations for the areas in which your organization falls short. Below are some other ways nGuard can help your business implement these controls:

• Managed Event Collection (Control 13)
• Social Engineering via nGuard’s Pen Testing Practice (Control 14)
• Incident Response (Control 17)
• Penetration Testing (Control 18)

It’s another busy week in the world of cybersecurity and nGuard wants to keep our advisory readers up to date. This week, nGuard is bringing you everything from the US State Department being attacked to Microsoft Power Apps leaking 38 million records.

US State Department Hit By Cyber-Attack

On August 21, Fox News journalist Jacqui Heinrich reported that the U.S. State Department suffered a cyber-attack. This led to the Department of Defense Cyber Command making notifications of a possible serious breach. A spokesperson for the State Department was quoted as saying, “The department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time.” The State Department will not likely release any details of the attack. This comes in the wake of recent attacks on Colonial Pipeline and JBS from Russia, and the Microsoft Exchange Server attacks originating from China.

AT&T Data Being Sold On The Dark Web

Last week it was T-Mobile, this week it’s AT&T. The hacker gang, ShinyHunters, is claiming they have the data of 70 million AT&T customers personal identifiable information (PII) which includes names, phone numbers, social security numbers, dates of birth, addresses, and more.  ShinyHunters are selling the data on RaidForums in small segments for $30,000 or the entire database for $1 million. AT&T has denied this information came from their systems.

Microsoft Power Apps Leaks 38 Million Records

The data of 38 million people was mistakenly exposed to the internet which was caused by an issue with more than 1000 Microsoft web applications. Some of the companies that were affected are American Airlines, Ford, J.B. Hunt, the Maryland Department of Health, the New York City Municipal Transportation Authority, and New York City public schools. The information leaked included COVID-19 contact tracing platforms, vaccination information, job application portals, and employee databases. The information included vaccination status, social security numbers, home addresses, and phone numbers. The flaw that allowed this leak to occur was in the Power Apps application programming interface (API) default setting which opened the information to the public. The privacy settings needed to be changed manually to prevent this from happening, but a majority of customers were not aware of this option.

President Biden Hosts Tech, Energy, Finance Leaders Meet In ‘Call to Action’

On Wednesday August 25^th, Apple, Amazon, Google, Microsoft and chief executives from insurance, energy and water companies were summoned to the White House to focus on improving cybersecurity. This meeting comes as recent high-profile attacks like the SolarWinds and Microsoft Exchange attacks have become more frequent. The White House wanted to address these areas of concern and determine how to best protect the 16 Critical Infrastructure sectors. Additionally, nonprofit organizations focused on computer science education and several colleges were included in the meeting to discuss efforts on how to address the gap of roughly 500,000 vacant U.S. cybersecurity jobs.

It’s another busy week in the world of cybersecurity and nGuard wants to keep our advisory readers up-to-date. This week, nGuard is bringing you everything from a T-Mobile data breach that exposed some extremely sensitive data to a Windows zero-day that may allow remote code execution.

T-Mobile Data Breach
Late Sunday night, the U.S. Sun reported that T-Mobile USA had likely suffered a massive data breach. T-Mobile was made aware of the breach after a hacker posted large swaths of data for sale on a popular online hacking forum. Early reports show the information from over 100 million customers may be at risk. This data set includes drivers license information, physical addresses, phone numbers, names, social security numbers, and unique IMEI numbers.

Norton and Avast Merger
On August 11^th, the security community was made aware that anti-virus giants NortonLifeLock and Avast were going to merge in a deal worth more than $8 billion. While both companies offer a similar product set, Norton’s experience with identity logistics and Avast’s individual focus on privacy could lead us down the path to the ultimate anti-virus product. With ransomware attacks on the rise, this merger could be timely for security professionals.

Gigabyte Ransomware Attack
Bleeping Computer and United Daily News were the first to report that Taiwan-based computer manufacturer, Gigabyte, had been the latest company to suffer a large-scale ransomware attack. Early reports are confirming that IT infrastructure was shut down, but the attack may be worse than originally expected. The attack appears to have been carried out by an organization called RansomEXX. This organization is also responsible for the attacks on the Brazilian government and the Texas’ Department of Transportation.

Windows Print Spooler Zero-Day
Late last week, Microsoft confirmed the presence of a Windows print spooler vulnerability now known as CVE-2021-36958. This is one of many vulnerabilities in a class of bugs known as “PrintNightmare.” This vulnerability utilizes the CopyFile registry directive on the device to copy a DLL file that ultimately allows an attacker to gain SYSTEM level privileges on the device. Microsoft quickly released security updates to address this vulnerability.